On Tue, 25 Jul 2006, jtelep@??? wrote:
> SO the mail clients then should choose an option similar to "Use TLS, if
> available"
Never use this option. It makes you vulnerable to downgrade attacks which
can cause your password to be revealed to an attacker without any visible
warning. Only use TLS or SSL in "required" mode with server certificate
verification.
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
